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Computers and Security 

■ This unit concentrates on the technical means 
that are used to protect data and information. 

■ The main one being cryptography: The science 
of changing data via transformations that make 
them unreadable (but recoverable in the right 
hands). 

■ The unit concentrates on how both the individual 
user and large industrial concerns can protect 
their data. 
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Computers and Security 

Why is security important? 

Many people have items of information that they wish to 
keep from others. For examples: 

We consider it essential to control access to data in our bank 
accounts and our health records. 

You will have used security technologies such as locks and 
possibly burglar alarms for your home for some time. 

■ In this unit you will study some of the many computer 
security technologies that are used on a day-to-day 
basis. However just as locks and burglar alarms can be 
bypassed, so too can their computer versions be broken 
or ‘cracked’. 
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Computers and Security 

Some examples of major security breaches 

False authority syndrome 

Authentic-looking messages that ask the user to do something 
that causes harm to the computer or files, such as the authentic- 
looking message purporting to have been sent by an online 
banking system asking for confidential login details and 
passwords. 

■ List Linking 

Putting someone's name on several mailing lists so they are 
swamped with emails and cannot read their normal mail. 

■ Money transfer 

A cracker can infiltrate computer files of big companies or banks 
and transfer money. 
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Computers and Security 

Some examples of major security breaches 

■ Roll your own credit cards 

Bank employees issuing fake credit cards. 

Also scanners illegally attached to ATMs that can scan your 
credit card as you use it. 

■ Web attack 

An attack on the inner workings of a selling website so that the 
intruder can get customers' login details. 

■ Internet worm 

Passes from computer to computer over the internet, replicating 
itself and infecting other computers. It may also damage 
important files. 



Cryptography: a technology for security 

Terminology 

Cryptography is the art and science of keeping information 
secure from unintended audiences, of encrypting it. It is the 
study of secret codes. 

It involves transforming data which can be understood by a 
reader into data which cannot be understood, while retaining the 
same information content. 

■ The process of transforming the text is known as 
encryption . 

■ Converting an encrypted text back to its original form is 
known as decryption . 

■ The original, understandable text is known as the plain text . 

■ The transformed text is known as the cipher text . 
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Cryptography: a technology for sicurity 

Terminology 

The transformation of a plain text into a cipher 
text uses some well-defined set of steps which is 
varied according to an entity known as a key . 

■ When the same key is used for encryption and 
decryption, it is known as symmetric key 
cryptography . 

■ When two different keys are used, one for 
encryption and another for decryption, it is 
known as asymmetric key cryptography . 



Cryptography: a technology for security 

A short history of cryptography: 

1 . Caesar Cipher 

■ A Caesar cipher, also known as a Caesar's cipher, the shift 
cipher, Caesar's code or Caesar shift, is one of the simplest 
and most widely known encryption techniques. 

■ It is a type of substitution cipher in which each letter in the 
plaintext is replaced by a letter some fixed number of 
positions down the alphabet. 

■ For example, with a shift of 3, A would be replaced by D, B 
would become E, and so on. 

■ The method is named after Julius Caesar, who used it to 
communicate with his generals. 






4 



4/6/2010 



Cryptography: a technology for sicurity 



Caesar Cipher 

■ Exercise 1 : Why are there only 25 possible Caesar keys? 




■ Solution: For the 26 letters in the English alphabet, the valid Caesar 
shifts are with keys of 1 to 25 and there are 25. Why? 

A Caesar shift of 0 would replace a letter with itself, as would a Caesar 
shift of 26. 



A Caesar shift of 27 is equivalent to a Caesar shift of 1 , a shift of 28 is 
equivalent to 2, and so on. 
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Caesar Cipher 

■ Exercise 2: What is the shift in the encrypted message 
below? 





Character 


a 


h 


c 


4 


e 


f 


£F 


h 


i 


j 


k 


1 


in 




Decimal 


1 


2 


3 


4 


5 


6 


7 


S 


9 


10 


11 


12 


13 


Character 


n 


0 


P 


q 


r 


s 


t 


u 


V 


w 


X 


y 


i 


Decimal 


14 


15 


16 


17 


IS 


19 


20 


21 


J 1 

j. ± 


23 


24 


25 


26 


Plaintext 


a 


0 


u 




u 


n 


. 


V 


e 


r 


s 


i 


t 


y 


Ciphertext 


h 


V 


b 




b 


u 


P 


c 


i 


y 


z 


P 


a 


f 



■ Solution: It is 7. 
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Cryptography: a technology for sicurity 

Caesar Cipher 

■ In the Caesar cipher, each letter in the alphabet can only 
be substituted by one other letter: this form of cipher is 
therefore known as a monosubstitution cipher . 

■ In modern versions the process used in transforming a 
text into its encrypted form is much more complicated 
and leads to polvalphabetic ciphers . 

■ For the Caesar cipher, decryption is achieved by 
reversing the shift process, converting D back to A, E to 
B, and so on. 

■ Because the keys used to encrypt and decrypt are the 
same, the Caesar cipher is an example of symmetric key 
cryptography . 



Cryptography: a technology for sicurity 

Caesar Cipher 

Exercise 3: Imagine a Caesar cipher is to be used that 
works for upper and lower case letters and the following 
special characters: space, comma, question mark, full stop. 
The key (i.e. the shift) is to be represented as a binary 
number stored in a computer file. What is the minimum 
number of bits needed for the key to represent all the 
possible values the key could take? 

■ Solution: The number of characters that the cipher deals 
with is: 26 (upper case letters) + 26 (lower case letters) + 4 
(the special characters) = 56. Therefore our key can be any 
number in the range 1 to 55. So we need to find the 
number of bits necessary to hold 55 possible values. 
Therefore 6 bits is the minimum number of bits needed. 
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A short history of cryptography 

2 Ancient Egyptian Hieroglyphs 

■ The system of writing in ancient Egypt, is known as 
hieroglyphs. 

Ancient Egyptian hieroglyphs consisted of drawings and 
paintings. 

Scientists and researchers have tried to interpret the ancient 
Egyptian hieroglyphs, but progress is felt only after finding the 
Rosetta stone in the year of 1799. 

■ Egyptian script and Greek, were well known to Egyptologists 
from the 19th century, who worked the decryption of the 
stone. 



■ It is believed that Jean-Francois Champollion was the one 
who first defeated the Code of Egyptian hieroglyphs. 
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Cryptography: a technology for security 

A short history of cryptography: 

3. One-Time Pad Encryption 

■ Two identical copies of a "pad" are made. 

■ Each comprised of many pages containing thousands of 
random characters. 

■ Each page contains a key consisting of random letters. 

■ The sender uses the top page of their pad to encrypt the 
message. 

■ The receiver uses the top page of their pad to decrypt the 
message. 

■ Both (sender and receiver) destroy the top page of the pad. 
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Cryptography: a technology for sicurity 

One-Time Pad 

One-time pads are totally secure if: 

The page is destroyed and never reused. 

The keys are truly random. 

The pads remain secure. 

■ The one-time pad (OTP) is a type of encryption, which 
has been proven to be impossible to crack if used 
correctly. 

■ It has also been proven that any cipher with the perfect 
secrecy property must use keys with effectively the same 
requirements as OTP keys. 






Cryptography: a technology for security 

One-Time Pad 

■ One-time pad Example - Encryption: 



Character 


a 


b 


c 


d 


e 


f 


a 


h 


i 


j 


k 


1 


m 


Decimal 


1 


2 


3 


4 


5 


6 


i 


8 


9 


10 


11 


12 


13 


Char actei 


ii 


0 


P 


q 


r 


s 


t 


u 


V 


w 


X 


y 


z 


Decimal 


14 


15 


16 


17 


18 


19 


20 


21 


22 


23 


24 


25 


26 


Plaintext 


b 


1 


n 


e 


b 


l 


l 


d 


s 


Decimal 


2 


12 


21 


5 


2 


9 


18 


4 


19 


One-Time Pad key 


k 


i 


V 


a 


k 


V 


z 


in 


li 


Decimal 


11 


9 


22 


1 


11 


22 


26 


13 


8 


Plaintext + Key 


13 


21 


43 


6 


13 


31 


44 


17 


27 


mo d 26 


13 


21 


17 


6 


13 


5 


18 


17 


1 


Ciphertext 


in 


u 


q 


f 


in 


e 


r 


q 


a 








si 
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One-Time Pad 

■ One-time pad Example - Decryption: 





Cliai acfei 


a 


b 


c 


(1 


e 


f 




h 


i 


j 


k 


1 


m 




Decimal 


1 


2 


3 


4 


5 


6 


7 


8 


9 


10 


11 


12 


13 


Character 


n 


0 


P 


q 


r 


s 


t 


u 


V 


w 


X 


y 


z 


Decimal 


14 


15 


16 


17 


18 


19 


20 


21 


22 


23 


24 


25 


26 


Ciphertext 


m 


u 


q 


f 


m 


e 


r 


q 


a 


Decimal 


13 


21 


17 


6 


13 


5 


18 


17 


1 


One-Time Pad key 


k 


i 


V 


a 


k 


V 


z 


m 


h 


Decimal 


11 


9 


22 


1 


11 


22 


26 


13 


8 


Ciphertext - Key 


2 


12 


1 


5 


a 


H 


1 


4 


I 


mo <1 26 


2 


12 


21 


5 


2 


9 


18 


4 


19 


Plaintext 


b 


1 


n 


e 


b 


i 


l 


(1 


s 
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Cryptography: a technology for security 

One-Time Pad 

■ One-time pad Example - Encryption & Decryption: 



Plaintext 


b 


1 


u 


e 


b 


i 


r 


d 


s 


Decimal 


2 


12 


21 


5 


2 


9 


18 


4 


19 


One-Time Pad key 


k 


i 


V 


a 


k 


V 


z 


in 


h 


Decimal 


11 


9 


22 


1 


11 


22 


26 


13 


8 


Plaintext + Key 


13 


21 


43 


6 


13 


31 


44 


17 


27 


mo d 26 


13 


21 


17 


6 


13 


5 


18 


17 


1 


Ciphertext 


in 


u 


q 


f 


m 


e 


r 


q 


a 






















Ciphertext 


m 


u 


q 


f 


m 


e 


r 


q 


a 


Decimal 


13 


21 


17 


6 


13 


5 


18 


17 


1 


One-Time Pad key 


k 


i 


V 


a 


k 


V 


z 


m 


h 


Decimal 


11 


9 


22 


1 


11 


22 


26 


13 


8 


Ciphertext - Key 


2 


12 




5 


2 


-17 


-8 


4 


s 


mo d 26 


2 


12 


21 


5 


2 


9 


18 


4 


19 


Plaintext 


b 


1 


u 


e 


b 


i 


r 


d 


s 
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Cryptography: a technology for sicurity 

A short history of cryptography 

4 . Enigma 

■ An Enigma machine is any of a family of related electro- 
mechanical rotor machines used for the encryption and 
decryption of secret messages. 

■ The first Enigma was invented by German engineer at the end 
of World War I . 

■ The machine has become well-known because, during World 
War II, British and American codebreakers were able to 
decrypt a vast number of messages which had been 
enciphered using the Enigma. 
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Cryptography: a technology for security 

Enigma 

The machine was about the size of an old-fashioned typewriter, usually 
contained in a wooden box. 

The input was by way of a typewriter-style keyboard (with alphabetic 
keys only), and the output through a lamp-board. 

■ For each key depressed on the keyboard, the encrypted (or decrypted) 
corresponding letter would light up on the lamp-board, for copying down 
and later transmission by Morse-code telegraphy or otherwise. 

■ The core of the machine was a series of scrambler wheels (3 or 4), 
each one having 26 contacts on one side and 26 on the other, wired to 
each other in different ways. 

■ So in one wheel, current flowing in through the A contact on one side, 
might exit through the Q contact on the other side, whereas in a 
different wheel, the wiring might go from A to F. 

In this way, each scrambler wheel represented a different substitution 
alphabet. 

!■■■■ 
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Cryptography: a technology for sicurity 

Enigma 

This applet simulates the operation of an Enigma 
machine. 



I- Rotors/Reflector 



oeeoe « oo -Display 

_oJ _wj _eJ _rJ jJ _uj _|J _oJ 

I _lI _eJ _d _®J _hJ _±J jiJ 

^ _cj _vj _bJ _nJ _mJ _lj 



Original Text (last 20 characters): 
A 

Encoded Text (last 20 characters): 




Reset machine Rotor 



Initial Position: 3 



i z= [ tm i ■ !■ h i ■ i i — I bi mm c: \ z^-i i 



Ai 



Cryptography: a technology for sicurity 

Enigma 

The Enigma machine produces a polvalphabetic cipher 
because each rotor which performs a substitution 
advances one position each time a key is pressed which 
changes the substitutions it performs. 

■ An Enigma machine uses symmetric key cryptography . 

This means that the same key is used both to encrypt and 
decrypt messages. 

■ The keys were held in code books. 

■ The sender and receiver of messages had to have 
identical code books. 
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Cryptography: a technology for sicurity 

Data Encryption Standard (DES) 

DES is an encryption standard which was developed by 
IBM for the American government and considered 
secure at the time. 

■ DES uses a symmetric key (A single key that is used to 
both encode and decode) with permutation, swapping 
and function application. 

Permutation involves shuffling the characters in a message so 
that although the same characters appear, they appear in 
different positions. 

Swapping takes two collections of characters and exchanges 
the first collection with the second. 

Function application is a mathematical transformation which 
changes a message based on a key. 



Cryptography: a technology for security 

Data Encryption Standard (DES) 

DES Example: 




■ By 1997 and with the increases in computer power, a 
number of researchers managed to crack DES by what is 
known as a brute force method . 

This method involves feeding the encrypted text into a 
computer which tries every possible key, checking that the 
output from the decryption makes sense. 



1 1 B II 
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Cryptography: a technology for sicurity 

Asymmetric key cryptography 

One of the problems with symmetric key cryptography is 
that the key used must be distributed to any recipient of 
a coded message. 

The probability of its being disclosed becomes higher as more 
and more senders and recipients start using it. 

■ In order to get over this problem asymmetric key 
cryptography was developed. 

Two different keys are used, one for encryption, another for 
decryption and so the technique is called asymmetric. 

A plain text encrypted with a public key can only be decrypted 
with the corresponding private key. 

The reverse is also true: a plain text encrypted by private key 
can only be decrypted with the corresponding public key. 



Cryptography: a technology for sicurity 

Asymmetric key cryptography 

■ In asymmetric key encryption, two people (A and B) who wish 
to communicate would do the following. 

A and B both generate two keys: a public key and a private key 
that will be used in the encryption and decryption of messages. 

A and B both publish their public key, e.g. on their websites. 
Their other keys (the private keys) are kept secret. 

If A wants to send a message to B, A encrypts the message 
using B’s public key. 

When B receives the message, B decrypts it using their private 
key. 

Because B’s private key is known only to B but public keys can 
be known to anyone, this means that cryptography can be 
achieved without having to distribute keys. This makes 
asymmetric key cryptography much more secure than symmetric 
key cryptography. 
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Cryptography: a technology for sicurity 



Asymmetric key cryptography 

■ If B wants to send to A: 




■ If A wants to send to B: 





Security in Industry 

Asymmetric Key Cryptography 
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Security in Industry 

Asymmetric Key Cryptography 

The main advantage of such technique is that because 
the private key is stored on just one computer there are 
no security worries about private keys being sent to the 
other computer. 

The main disadvantage is that asymmetric techniques 
are very inefficient in terms of processing time. 

■ In real applications, both algorithms are often combined 
(digital envelope). 

With a public-key algorithm encrypting a randomly generated 
encryption key. 

While the random key encrypts the actual message using a 
symmetric algorithm. 



Cryptography: a technology for security 

RSA 

■ RSA is the most popular of the small number of asymmetric 
key techniques that are available to computer users. 

■ RSA takes its name from its inventors: Rivest, Shamir and 
Adleman. 

■ The major drawback to RSA is that they are 
computationally very time consuming in contrast to DES 
which can be made very fast. 

Software encryption using DES (Symmetric Key Algorithm) is 
100 times faster than software encryption using RSA 
(Asymmetric Key Algorithm). 

Hardware encryption using DES (Symmetric Key Algorithm) is 
anywhere from 1,000 to 10,000 times faster than hardware 
encryption using RSA (Asymmetric Key Algorithm). 
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Security in Industry 

SSL (Secure Sockets Laver) 

SSL is a technology which combines between 
the two algorithm (symmetric and asymmetric) in 
an efficient way. 

SSL is currently the most popular way of 
ensuring that data is sent securely from one 
computer on a network to another. 






Security in Industry 

SSL (Secure Sockets Laver) 

There are a number of steps involved in the transfer of 
data such as collections of credit card details, using SSL. 

1 Two computers A and B exchange information about the encryption 
and decryption methods they are going to use. 

2. Computer A generates a key for sending bulk data to the computer B 
using a symmetric key cryptography technique, such as DES. 

3. Computer A encrypts the symmetric key using the public key of 
computer B and sends it to computer B. 

4. Computer B receives the encrypted symmetric key and decrypts it 
using its own private key. At this point both computers know the 
symmetric key. 

5. Computer A sends data to computer B using the symmetric key. 

6. When computer B receives the data, it can decrypt it using the 
symmetric key. 
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Security in Industry 



SSL (Secure Sockets Laver) 

■ It is worth pointing out that the symmetric key that is 
generated will vary each time a data transfer takes 
place between two computers. 

It is known as a one-time key , i.e. the same key is not 
reused. 



A key that is destroyed, once it has been used; it is 
never used again. 

■ So, for example, if I communicated my credit card 
details to an e-commerce site, moved my browser to 
another site and then sent the credit card details 
again, a different symmetric key would be used. 
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Security in Industry 

SSL (Secure Sockets Laver) 

SSL has become very popular and is the major 
technology for sending data across insecure 
networks such as the internet. 

First, SSL is efficient: it uses symmetric cryptography 
for bulk data transfer. 

Second, SSL creates a key for each data transfer; 
because there is no single key that is used time and 
time again, there are no problems with key security. 

Third, SSL uses a highly secure way of transferring 
secure keys: asymmetric key cryptography. 
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Security in Industry 

SSL (Secure Sockets Laver) 

■ SSL is used on most e-commerce websites and 
is supported by all modern web browsers. 

■ SSL sites can be distinguished from ordinary 
sites in a number of ways. 

Their addresses begin with https:// rather than http://. 

1 The extra s stands for ‘secure’. 

A small closed padlock is displayed in the border of 
the browser window. 

The browser may warn the user that they are going to 
a secure site. 
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Security in Industry 

Digital signatures 

■ When two parties wish to communicate using a network 
(such as the internet) a number of problems can occur. 

■ Let us say party A sends a message to party B. 

Party B may forge a different message and claim that it came 
from A. 

Party A can deny that the message was ever sent. 

■ A computer system that prevents this enforces two 
properties: 

Authentication: The receiver knows that a particular message 
originated from a certain user. 

Non-repudiation: A sender cannot deny sending a message. 
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Security in Industry 

Digital signatures 

■ It is a technique which uses asymmetric key 
cryptography along with a mathematical scheme (Hash 
function) for demonstrating the authenticity of a digital 
message or document. 

■ It employs a number known as a message digest, which 
is simply a number calculated from a message and 
hence any changes in a message can be detected by 
comparing the message digests of the original and 
changed versions. 
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Security in Industry 

Digital signatures 

For example, let us assume that the lower-case alphabetic characters 
‘a’ to ‘z’ are stored in the computer as the numbers 1 to 26, the upper- 
case characters are stored as numbers 27 to 52 and spaces are stored 
as 53. 

■ Now suppose the message digest algorithm is that we take the sum of 
the number values in a message so that, for example, the message 
‘Hello there’ would have the sum 34+5+12+12+15+53+20+8+5+18 
+5=187. 

■ The message digest is then encrypted using the sender’s private key to 
produce a digital signature which is sent together with an encrypted 
version of the message using a symmetric key cryptographic method. 
Any (intentional or unintentional) changes to the message can be 
detected by recalculating the message digest and comparing it with the 
digital signature sent with the message. If any changes have been 
made, the message digest will be different. 
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Security in Industry 

Digital signatures 



Encrypted 




Encrypted 


Message & 




Message & 


Signature 




Signature 



Encrypted 
One Time Key 



. One time Symmetric Key 
r Decry pts Message & Digital 
Signature 



Receiver 's Private Key Decry pts 
one-time Symmetric key 



Second Message 
Digest Produced 

[Message Digest 2] 



Original Digest compared to 
second Digest foridentical Match 
to confirm Message Integrity 



Decrypted Message 
hashed a second time 




Original Message 
Digest 
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Security in Industry 

Digital certificates 

■ One of the problems with asymmetric key cryptography 
is that there is no simple way that you can verify that the 
publisher of a public key is who they say they are. 

For example a criminal could set up a website which used the 
Digital certificates Security in industry logos and design of a 
banking site, publish a public key and then do business using 
that key. 

■ Digital certificates have been developed in order to 
overcome this problem. 

They require the involvement of an organization known as a 
certificate authority : an organization which can be trusted, 
perhaps by having some sort of national or official role. 

A postal authority may be a good choice for a certificate 
authority. 





Security in Industry 



Digital certificates 

■ The certificate authority keeps a database of 
digital certificates. Each certificate will contain 
the following. 

The name of the authority that issued the certificate. 
The name of the user associated with this certificate. 



The public key of the user together with some 
description of the asymmetric cryptography method 
that the user employs. 



A digital signature. This is the contents of the 
certificate encrypted by the private key of the 
certificate authority. 
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Security in Industry 

Digital certificates 

■ Let us say that a customer wishes to do business with a 
company. 

■ The customer would look up the company’s digital certificate in 
the certificate store maintained by a certificate authority. 

■ In order to confirm that the certificate is in fact from the certificate 
authority the customer would use the public key associated with 
the certificate authority to decrypt the digital signature. 

■ This could then be compared with the contents of the certificate. 

■ If they match, then the certificate was issued by the certificate 
authority. 

■ The customer can then use the public key to decrypt messages 
from the company that is described by the digital certificate. 
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Security in Industry 

Digital certificates 
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Security in Industry 

Digital certificates 

■ How is this verification carried out? 

Everything can be done automatically by the software that the 
customer is using. 

For example, if the customer is communicating with an e- 
commerce site using a browser, it is the browser that will carry 
out all the checking. 

■ How does the customer find the public key of the 
certification authority? 

The public keys of any certificate authorities that a program 
trusts will be pre-loaded into a browser or any other program 
used for e-commerce, or an easy mechanism exists for the user 
of the program to add a public key. 




Security in Industry 



Firewalls 

Firewalls and secure electronic transactions (or SETs) 
are other ways of ensuring security. 

■ A firewall is a software or hardware barrier which 
prevents an intruder from accessing a web server. The 
figure below shows an example of a typical firewall 
configuration. 
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Security in Industry 

Firewalls 

The firewall provides two levels of protection for 
a web server: Screening router and bastion 
(citadel) host. 

1 The first level is implemented by a hardware 
device known as a screening router (often just 
called a router). 

The screening router looks at all the packets of data 
which enter a protected private network and 
determines which one should be allowed to pass in 
each direction. 
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Firewalls 

2 The second level is known as a bastion host (often 
known as a proxy gateway). 

This server is used to hold temporary copies of web pages 
which are requested by users. 

If a page is requested and it is not stored on the bastion host, 
then the bastion host forwards the request to the real web 
server used by the enterprise that runs the private network. 

This server then passes the web page to the bastion host which 
then dispenses (distributes) it to the browser that requested it. 

If an intruder manages to get past the router - the first level of 
security - then all he or she would find are temporary pages in 
transit to browsers in the internal network. 
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Web Security 

Secure Socket Layer (SSL) 

■ Secure Electronic Transaction (SET) 

Protects credit card transactions on the internet. 

Data is kept secret by using DES, and message 
digests are used to ensure the integrity of the data. 

SET uses digital certificates to authenticate the 
cardholder and the company accepting the 
transaction. 



zz I «! ■ !■ ! ■ ij " 1 1! !il c: \ n\»Z\ 



SJ 



The Limits of Security 



What cryptography can and cannot do? 



All users must be on their guard against attempts to breach 
security. 

■ The best security is no good if the password is written on a 
piece of paper under the user's keyboard or it's the name of 
the dog or child! 

■ You should learn to look beyond the cryptography, at the 
entire system, to find weaknesses. The weak points had 
nothing to do with cryptography. 

Many systems offer strong security from a technical 
standpoint but are compromised by poor working practices. 

“Security is a chain; 



It's only as secure as the weakest link.“ Bruce Schneier 

E 
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The Limits of Security 
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“Denial of service” Attacks 

■ A denial of service attack is an attack on a computer 
which disables the computer to such an extent that 
normal work cannot be carried out on it. 

Viruses 

■ A virus is a program that upsets the correct functioning 
of a computer. 

For example, a virus might delete some important system files 
which are required for the correct functioning of a computer. 

Non-technical attacks 

A good example of this type of attack is password 
guessing. 
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The security environment 

Some examples of conventional security measures are 
listed below. 

1 Physical methods of ensuring that access to buildings and 
rooms is suitably restricted. 

2. Making sure that any process which could result in the change 
of data or reading of data which should remain secure is double 
checked. 

3. Securing any waste product that contains sensitive material: 
ensuring, for example, that printouts are shredded. 

4 Insisting that all passwords used by staff are secure. 

5. Making sure that communication hardware cannot be tampered 
with and that all external maintenance workers are authorized. 
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The Single User and Security 



The internet and its traffic 

■ Two key factors in the design of the internet were the 
following. 

1 The network would not have a central controlling 
computer. 

Each computer on the network would be assumed to have the 
same authority. 

2. The network should be able to deliver information 
between any two computers on the network even if 
some of the machines in the network had failed. 




There would be a large number of alternative routes through the 
network, so it was not necessary for information to travel by the 
most direct route, instead it could travel in a roundabout route, 
avoiding any damaged parts of the network. 



The Single User and Security 

The internet and its traffic 

The real power of the internet is its ability to reroute 
packets. 

They can be rerouted either because a link has failed or to 



relieve congestion on a part of the link. 
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HTlie Single User and Security 

Why the internet is not secure? 

■ Internet routers are designed to move packets to their 
destination via alternative paths. 

It is possible for a path to belong to a malicious third party and 
hence for data to be read by that third person. 

■ There is another security problem, and that concerns the 
public accessibility of data and specifications of internet 
components. 

The internet is a public medium and hence anyone should be 
able to develop software for it. 

This means that specifications for the architecture of the internet 
are freely available and can be used to develop software that 
can be employed to read data passing through a computer on 
the internet. 





The Single User and Security 



Guarding against possible threats 

Given the large number of threats that the internet contains 
how do you minimize the possibility that you will be a 
victim? 



The list of precautions here comes from the excellent book 
“Web Psychos, Stalkers and Pranksters by M. Banks”. 

1 . Email is not a secure medium, it can be read quite easily 
as it passes around the internet. 

If you are worried about prying eyes reading your messages, 
then encrypt the messages. 

If you do not want to be contacted by other users of the internet, 
then change the options of an email program or a browser used 
to send email so that this information is not displayed to the user 
who you sent the message to. 
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The Single User and Security 

Guarding against possible threats 

2 Do not publish your email address on the web if you do 
not want to receive spam. 

3 Use a number of email addresses. Keep one for your 
own use in contacting friends and colleagues. If you are 
contributing to a mailing list then use one of the other 
email addresses (known as a throwaway address) and 
never read their contents. 

4 If you really want to be anonymous when sending 
emails then use one of the anonymous email sites that 
can be found on the web. 
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The Single User and Security 



Guarding against possible threats 

5 , If you do not want to other users of the internet to know 
about your ISP, computer, operating system and details 
such as your email address use a proxy server or 
anonymiser. 

6, Beware of executing programs which are not well known 
or not written by you. 

7 Only share confidential information - such as credit card 
details - with secure sites. 

8, Invest in anti-virus software. 

9 Don’t send your credit card details by email. 

10. Do not fill in a web form that is not on a secure server. 



1 1 . Keep a record of all transactions. 
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Unit Summary 



■ 



■ This unit has looked at how data can be hidden from 
prying eyes. 



■ It examined the main technology that can be used for 
ensuring security: cryptography. 



It described the two main cryptographic techniques: 
symmetric key cryptography and asymmetric key 
cryptography and showed how they were used in 
industry. 



The unit concluded with a discussion of security and 
other issues such as privacy in terms of how it affected 
the single user who sometimes connect to the internet. 
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